ReportizFlow
Filtered by vendor Xerox
Subscriptions
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17172 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | N/A |
| The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. | ||||
| CVE-2018-15530 | 1 Xerox | 2 Colorqube 8580, Colorqube 8580 Firmware | 2024-11-21 | N/A |
| Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code. | ||||
| CVE-2016-11061 | 1 Xerox | 50 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 47 more | 2024-11-21 | 9.8 Critical |
| Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | ||||
| CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2024-11-21 | 9.8 Critical |
| Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | ||||
| CVE-2024-47559 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 7.6 High |
| Authenticated RCE via Path Traversal | ||||
| CVE-2024-47558 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 7.6 High |
| Authenticated RCE via Path Traversal | ||||
| CVE-2024-47556 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2024-47557 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2024-47555 | 1 Xerox | 1 Freeflow Core | 2024-10-10 | 8.3 High |
| Missing Authentication - User & System Configuration | ||||